Azure

A honeypot specifically designed to detect and capture Log4Shell vulnerability exploitation attempts with payload analysis and flexible logging capabilities.

A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.

AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.

Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.

Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.

A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.

AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.

CobaltBus integrates Cobalt Strike with Azure Service Bus to create covert C2 communication channels for red team operations.

HAWK is a multi-cloud antivirus scanning API that uses CLAMAV and YARA engines to detect malware in AWS S3, Azure Blob Storage, and GCP Cloud Storage objects.

A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.

A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.

A tool that generates Terraform files for creating Azure Policy Initiatives to implement cloud security guardrails and enforce organizational standards at scale.

Cloudmarker is a configurable cloud monitoring tool and framework that audits Azure and GCP environments by retrieving, analyzing, and alerting on cloud security data.

SkyArk is a cloud security scanning tool that identifies privileged entities in AWS and Azure environments to help mitigate Cloud Shadow Admin threats.

An Azure Function that validates and relays Cobalt Strike beacon traffic based on Malleable C2 profile authentication.

A Helm plugin that decrypts encrypted value files using sops encryption and integrates with cloud secret managers for secure secrets management in Kubernetes deployments.

Comprehensive suite of tools and resources by Microsoft Azure for ensuring security and protection of data and applications in the cloud.

SOPS is an encrypted file editor that supports multiple formats and integrates with various key management services including AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

A repository of sample security playbooks with ARM templates for Microsoft Sentinel that enable automated security orchestration and response capabilities.

Komiser is an open-source cloud-agnostic resource manager that analyzes and manages cloud cost, usage, security, and governance across multiple cloud providers in a unified platform.

GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.

A collection of free cloud security research articles by Rhino Security Labs covering AWS, Azure, and GCP security topics including best practices, vulnerability assessments, and threat mitigation strategies.